Appearance
Authentication
All Multilogin X API requests (except sign-in) require a Bearer Token in the Authorization header.
Sign In
Endpoint: POST https://api.multilogin.com/user/signin
bash
curl -X POST https://api.multilogin.com/user/signin \
-H "Content-Type: application/json" \
-d '{
"email": "your@email.com",
"password": "your-password"
}'Response:
json
{
"status": {
"error_code": "",
"http_code": 200,
"message": "Success"
},
"data": {
"token": "eyJhbGciOiJSUzI1NiIs..."
}
}Token Lifecycle
| Token Type | Lifetime | Rate Limits |
|---|---|---|
| Regular | 30 minutes | Standard |
| Automation | Extended | Higher rate limits |
Refreshing Tokens
Endpoint: POST https://api.multilogin.com/user/refresh_token
Always refresh before the 30-minute expiry to avoid re-authenticating.
bash
curl -X POST https://api.multilogin.com/user/refresh_token \
-H "Authorization: Bearer YOUR_CURRENT_TOKEN"Response:
json
{
"status": {
"error_code": "",
"http_code": 200,
"message": ""
},
"data": {
"token": "eyJhbGciOiJSUzI1NiIs..."
}
}Automation Token
For CI/CD pipelines and long-running scripts, use an automation token which provides:
- Longer token lifetime
- Higher rate limits
- No need for frequent refreshes
Using the Token
Include the token in every request as a Bearer header:
bash
curl -X GET https://api.multilogin.com/some/endpoint \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json"Password Management
Change Password
Endpoint: POST https://api.multilogin.com/user/change_password
bash
curl -X POST https://api.multilogin.com/user/change_password \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"current_password": "old-password",
"new_password": "new-password"
}'Reset Password
Endpoint: POST https://api.multilogin.com/user/reset_password
bash
curl -X POST https://api.multilogin.com/user/reset_password \
-H "Content-Type: application/json" \
-d '{"email": "your@email.com"}'Best Practices
Token Management
- Refresh tokens before the 30-minute expiry, not after
- Use automation tokens for scripts and CI/CD
- Handle
401 Unauthorizedby re-authenticating - Handle
429 Too Many Requestswith exponential backoff
Security
- Never commit tokens to source control
- Store tokens in environment variables
- Rotate passwords regularly